REMARKS

The Office Action mailed November 16, 2006 considered claims 1-51. Claims 1 and 23 were
rejected under 35 U.S.C. 112, first paragraph, as failing to comply with the written description 
requirement. Claims 23-44 were rejected under 35 U.S.C. 101 because the claimed invention is directed 
to non-statutory subject matter. Claims 1-51 were rejected under 35 U.S.C. 102(b) as being anticipated 
by Check Point (NPL "Check Point FireWall-1 User Guide", books "architecture and Administration" - 
AA, and "virtual Private Networking with Check Point FireWall-1"-VP, hereinafter Checkpoint.) 1

By this paper, claims 12, 14, 15, 34, 36, 37 have been amended and claims 52-60 are new. 2 
Claims 1-11, 13, 23-33, and 35 have been cancelled. Accordingly, claims 12, 14-22, 34, and 36-58 are
pending, of which claims 12, 34, 45, and 58, are the only independent claims at issue. 

Embodiments of the present invention are directed to authenticating computer systems that are
connected to and/or communicating with virtual private networks. Claim 1, for example, defines a 
firewall receiving an assertion from a client that the client has credentials appropriate for accessing a 
private network resource. Next, claim 1 defines initiating a series of authentication transactions between 
the client, which is initially unaware that the firewall operates as a gateway for the private network, and 
the firewall. The series of authentication transactions is designed to impose commensurable processing 
burdens on the client requesting access to the private network resource and the firewall operating as a 
gateway for the private network. Successful completion of each authentication transaction incrementally
increases a level of trust between the client and the firewall. 

Next, claim 1 defines for each of the series of authentication transactions between the client 
and the firewall: 1) sending a challenge to the client, the correct answer to the challenge obtainable 
from the asserted credentials without having to divulge the asserted credentials such that if the client 
actually possesses the asserted credentials the client can generate the correct answer, 2) receiving a 
response from the client including an answer to the challenge, and 3) verifying whether or not the 
answer included in the response is the correct answer to the challenge. Lastly, claim 1 defines that when
an acceptable level of probability that the client actually possesses the asserted credentials is reached
based on a plurality of correct answers, the firewall grants the client access to the private network
resource through the firewall.
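
The series of authentication transactions described above can be sketched as follows. This is an added example, not code from the application or from the cited art. It assumes a secret shared by client and firewall, HMAC-SHA256 answers truncated to one byte so that a single correct answer proves little, and an impostor-probability threshold of 1e-9; all names are hypothetical.

```python
import hashlib
import hmac
import secrets

ANSWER_BYTES = 1                        # assumption: short answers, many rounds
GUESS_PROB = 256.0 ** -ANSWER_BYTES     # chance of guessing one answer blindly


def answer(credential: bytes, challenge: bytes) -> bytes:
    """Derive the answer from the credential without divulging the credential."""
    return hmac.new(credential, challenge, hashlib.sha256).digest()[:ANSWER_BYTES]


class Firewall:
    def __init__(self, credential: bytes, max_impostor_prob: float = 1e-9):
        self.credential = credential
        self.max_impostor_prob = max_impostor_prob
        self.impostor_prob = 1.0        # chance a client without credentials got this far
        self.pending = None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)   # fresh nonce for every transaction
        return self.pending

    def verify(self, response: bytes) -> str:
        if self.pending is None:
            return "deny"               # no outstanding challenge
        expected = answer(self.credential, self.pending)
        self.pending = None             # each challenge is single-use
        if not hmac.compare_digest(expected, response):
            return "deny"               # one wrong answer ends the series
        self.impostor_prob *= GUESS_PROB    # trust grows with each correct answer
        if self.impostor_prob <= self.max_impostor_prob:
            return "grant"
        return "continue"


def run_session(firewall: Firewall, client_credential: bytes, max_rounds: int = 16):
    """Drive the exchange; both sides compute one HMAC per transaction."""
    for rounds in range(1, max_rounds + 1):
        reply = answer(client_credential, firewall.challenge())
        decision = firewall.verify(reply)
        if decision != "continue":
            return decision, rounds
    return "deny", max_rounds


if __name__ == "__main__":
    print(run_session(Firewall(b"constructed-secret"), b"constructed-secret"))
    print(run_session(Firewall(b"constructed-secret"), b"wrong-secret"))
```

With these assumed parameters, access is granted only after four consecutive correct answers, and a client without the credential is denied at the first wrong answer.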

Claim 34 is a computer-readable media claim corresponding to claim 12. 



1 Although the prior art status of the cited art is not being challenged at this time, Applicant reserves the right to
challenge the prior art status of the cited art at any appropriate time, should it arise. Accordingly, any arguments and
amendments made herein should not be construed as acquiescing to any prior art status of the cited art.
2 Support for the amendments to the claims is found throughout the specification, Figures, and previously
presented claims, including paragraphs [018]-[020], [036]-[043], [060], and Figure 5.

Claim 45 defines receiving at a firewall, an access request from the client that is directed to the
server because the client does not know that the firewall operates as a gateway for the server. Next, claim 
45 defines generating one or more authentication credentials at the firewall that demonstrate a level of 
trust between the server and the firewall. Next, claim 45 defines the firewall sending a request for the 
client to authenticate to the firewall. The request includes the one or more firewall authentication 
credentials so that the client knows of the level of trust between the server and the firewall without having 
to make a separate request. Next, claim 1, defines receiving at the firewall, one or more authentication 
credentials from the client. Next, claim 45 defines the firewall verifying the one or more client 
authentication credentials. Lastly, claim 45 defines allowing the client to access the server through the 
firewall. 

Claim 58 is a computer-readable media claim corresponding to claim 45. 

Applicant respectfully submits that the cited art of record does not anticipate or otherwise render 
the amended claims unpatentable for at least the reason that the cited art does not disclose, suggest, or 
enable each and every element of these claims. 

Chapter 1 of the architecture and Administration (or "AA") portion of Checkpoint describes 
authentication at a firewall, (page 27). Various different types of authentication including user 
authentication, client authentication, session authentication, and transparent authentication and their 
corresponding features are described, (pages 28-29). Further, the different types of authentication can be 
implemented using various different authentication schemes, (page 30). 

When a request is directed to a server, a firewall can be invoked to mediate a connection to a 
server (page 31). The user can submit credentials to the firewall and then, if the firewall credentials are 
appropriate, be connected to a server for further authentication, (pages 31-32 and 39-41). Alternately, a 
request can be sent directly to the firewall to gain access to the server, (pages 42-44). Thus, the AA 
portion of Checkpoint essentially describes that gaining access to a server may require two separate 
logins, potentially based on two different sets of credentials, for example: 1) a login to a firewall and 2) a 
separate subsequent login to the server. 

However, completing authentication with either the firewall or the server includes receiving a
request for server access, returning a request for credentials, receiving credentials, and processing the
credentials. If the credentials are appropriate, the user is allowed to subsequently login at the server
(authenticated at firewall), or is given server access (subsequently authenticated at server). If not, the user
is denied access. No other authentication related decisions are made.

Application No. 10/611,832
Amendment "A" dated February 16, 2007
Reply to Office Action mailed November 16, 2006

Thus, the cited art fails to teach either singly or in combination for each of a series of
authentication transactions sending a challenge to the client, the correct answer to the challenge
obtainable from the asserted credentials without having to divulge the asserted credentials such that if the 
client actually possesses the asserted credentials the client can generate the correct answer and wherein 
when an acceptable level of probability that the client actually possesses the asserted credentials is 
reached based on a plurality of correct answers, the firewall granting the client access to the private 
network resource through the firewall, as recited in claim 12, in view of the other limitations of claim 12. 
For at least this reason, claim 12 patentably defines over the art of record. For at least the same reason, 
claim 34 also patentably defines over the art of record.

Further, in Checkpoint, each of the firewall and server are individually responsible for their own 
processing. Neither can make authentication related assertions for or based on information associated 
with the other. Thus, while the firewall can interpose itself between a client and a server, the firewall
cannot assert to the client that it is trusted by the server or vice versa.

Thus, the cited art also fails to teach either singly or in combination generating one or more 
authentication credentials at the firewall that demonstrate a level of trust between the server and the 
firewall and the firewall sending a request for the client to authenticate to the firewall, the request 
including the one or more firewall authentication credentials so that the client knows of the level of trust 
between the server and the firewall without having to make a separate request, as recited in claim 45, in 
view of the other limitations of claim 45. For at least this reason, claim 45 patentably defines over the art 
of record. For at least the same reason, claim 58 also patentably defines over the art of record.

Since any dependent claims depend from one of the independent claims 12, 34, 45, or 58, each of 
the dependent claims also patentably defines over the art of record at least for the same reason as its
corresponding base claim. However, a number of dependent claims also independently distinguish over
the art of record. For example, the cited art also fails to teach either singly or in combination the
limitations recited in claims 52-57 and 59 and 60. 

Claims 1 and 23 were rejected under 35 U.S.C. 112, first paragraph, as failing to comply with the
written description requirement. Claims 1 and 23 have been cancelled, rendering this rejection moot.
Accordingly, Applicants respectfully request withdrawal of the 35 U.S.C. 112, first paragraph rejection.

Claims 23-44 were rejected under 35 U.S.C. 101 because the claimed invention is directed to 
non-statutory subject matter. More specifically, the claims are not limited to tangible embodiments. 
Claims 23-33 have been cancelled rendering the rejection of claims 23-33 moot. Claim 34 has been 
amended to recite "physical recordable-type computer readable media". Applicants submit that this 
language causes claim 34 to recite a tangible embodiment. Accordingly, Applicants respectfully request 
withdrawal of the 35 U.S.C. 101 rejections. 

In view of the foregoing, Applicant respectfully submits that the other rejections to the claims are
now moot and do not, therefore, need to be addressed individually at this time. It will be appreciated, 
however, that this should not be construed as Applicant acquiescing to any of the purported teachings or 
assertions made in the last action regarding the cited art or the pending application, including any official 
notice. Instead, Applicant reserves the right to challenge any of the purported teachings or assertions 
made in the last action at any appropriate time in the future, should the need arise. Furthermore, to the 
extent that the Examiner has relied on any Official Notice, explicitly or implicitly, Applicant specifically 
requests that the Examiner provide references supporting the teachings officially noticed, as well as the 
required motivation or suggestion to combine the relied upon notice with the other art of record. 

In the event that the Examiner finds any remaining impediment to a prompt allowance of this
application that may be clarified through a telephone interview, the Examiner is requested to contact the
undersigned attorney at (801) 533-9800.

Dated this 16th day of February, 2007.




RICK D. NYDEGGER 
Registration No. 28,651 
MICHAEL B. DODD 
Registration No. 46,437 
GREGORY R. LUNT 
Registration No. 47,354 
Attorneys for Applicant 
Customer No. 47973 






